Article

coolguys's picture

Modifying Custom Attributes with the IDM Null Driver

Author Info

10 December 2007 - 10:42am
Submitted by: coolguys

Author Blog
Author Profile

Tags

Tags Map
article
Reads:

1693

Score:
0
0
 
Comments:

0

Problem

A Forum reader recently asked:

"I have IDM 3.5 with a Identity Vault and other drivers, such as AD, JDBC, and Notes. Can I modify a custom attribute on users in a OU in my IDV? This operation is captured by a loopback driver that create a user on another OU of my driver, with some attributes populated."

And here's the response from Father Ramon ...

Solution

Here's what you need to do:

1. Use the null driver rather than the loopback driver.

2. Add a User to the subscriber filter.

3. Set it to synchronize on the subscriber channel and ignore on the publisher channel.

4. Add the Description attribute to the User class in the filter

5. Set it to notify on the subscriber channel and ignore on the publisher channel.

6. Add a subscriber channel event transformation - something like this:

<policy>
  <rule>
   <description>create portal user</description>
   <conditions>
    <and>
     <if-class-name mode="nocase" op="equal">User</if-class-name>
     <if-src-dn op="in-container">users</if-src-dn>
     <if-op-attr mode="nocase" name="Description" 
op="changing-to">pippo</if-op-attr>
    </and>
   </conditions>
   <actions>
    <do-set-local-variable name="portalDN" scope="policy">
     <arg-string>
      <token-text xml:space="preserve">portal\</token-text>
      <token-src-name/>
     </arg-string>
    </do-set-local-variable>
    <do-add-src-object class-name="User">
     <arg-dn>
      <token-local-variable name="portalDN"/>
     </arg-dn>
    </do-add-src-object>
    <do-add-src-attr-value class-name="User" name="Surname">
     <arg-dn>
      <token-local-variable name="portalDN"/>
     </arg-dn>
     <arg-value>
      <token-src-attr name="Surname"/>
     </arg-value>
    </do-add-src-attr-value>
   </actions>
  </rule>
  <rule>
   <description>Veto further processing</description>
   <conditions/>
   <actions>
    <do-veto/>
   </actions>
  </rule>
</policy>

7. Duplicate the last action in the first rule for each attribute you want to copy from the original object to the new object.

For information on the difference between a loopback driver and a null driver, see:

http://www.novell.com/documentation/idm35/admin/data/b9132yx.html


Author Info

10 December 2007 - 10:42am
Submitted by: coolguys

Author Blog
Author Profile

Tags

Tags Map


Related Articles


User Comments

© 2009 Novell, Inc. All Rights Reserved.